Following the economic sanctions imposed on Russia, the Five Eyes Intelligence Alliance warned in late April ’22 that the Russian Government was exploring options for cyber attacks to cripple critical organisations and services in Europe and North America. The hacktivist group KillNet was mentioned in the warning. Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA) in the United States, gave the following statement in April ’22:
“Given recent intelligence indicating that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure, CISA along with our interagency and international partners are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercrime groups. We know that malicious cyber activity is part of the Russian playbook, which is why every organization – large and small – should take action to protect themselves during this heightened threat environment. We urge all critical infrastructure owners and operators as well as all organizations to review the guidance in this advisory as well as visit CISA for regular updated information to protect yourself and your business.”
KillNet hacktivists are believed to be pro-Russian, targeting Russia’s European neighbours and North American countries in an attempt to deter support for Ukraine. Although they are believed to be pro-Russian, there is at this point no solid evidence to suggest that the Russian Government has any input into or influence on the group.
KillNet appeared shortly after the war in Ukraine began, and have since become renowned for generating big publicity from somewhat small acts: noisy and attention-grabbing, but lacking in substance. The DDoS attacks and tools used by KillNet and their botnet(s) can prove somewhat impactful to a business; however, these attacks can be defended against, and further resilience can be implemented to bolster security. KillNet have taken responsibility for numerous cyber attacks which have occurred this year, including the DDoS of the Eurovision Song Contest in Turin, Italy. The Italian Police Department managed to thwart the DDoS attempt at the time; however, in doing so, they inadvertently redirected the DDoS attack towards Italy’s Government Web Services.
Since their emergence, KillNet have probed and launched DDoS attacks against the internal government websites and services of several European countries. These include Germany, Romania, Poland, the Czech Republic, Lithuania, and Estonia, all of which have demonstrated support for Ukraine. One cyber security researcher, under the pseudonym CyberKnow, stated: “KillNet works in an emotional way. They seek revenge and retaliation against wrongs they believe have been dealt against Russia and its people”. Both sides of the Ukraine war have a cyber army operating for them: similar groups are known to be operating for Ukraine, using the same DDoS attacks and tools against banking, government, and health care websites and services in Russia.
In recent days, KillNet have claimed responsibility for the cyber attacks launched against state airports in the United States. The DDoS attacks spanned several state airports, including Atlanta, Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, and Missouri. A number of the state airports recorded website downtime and intermittent interruption to online services. JP Morgan also reported experiencing a DDoS attack, which KillNet claimed, reporting impact and downtime of its webpages. However, JP Morgan has since reported no overall effect on the operations of the business.
In terms of future attacks from KillNet, it is unclear what power they may truly carry and what real damage they could do. For now, we know that they use a simple DDoS toolkit to launch attacks, and that they rally support via Telegram channels, encouraging other hackers to participate. The total number of supporters is unknown, and their skill level is also indeterminable. Almost anyone could use the DDoS toolkit, and a hacker can begin learning anywhere; it is their progression and development which makes them potentially dangerous. Though KillNet may appear to be simply rocking the boat and causing as much noise and disruption as possible, it would be unwise to underestimate them by assuming they are nothing truly significant and not worth monitoring.